Auth0 Home Blog Docs

"Wrong email or verification code" on Magic Link click

Hi,

we have been featuring the Passwordless authentication on Wanderio apps for some months now, but many users struggle with the flow.

In particular, we see very high rates of “Wrong email or verification code” errors, which are encountered by up to 30% of users. We know this can be caused by expired links, but this is not the case as we have verified it happens also on brand-new links (and we have increased the expiration time of the links anyway).

I have attached a screenshot of what we typically see from the logs: 29
that is, users that request the link and then fail to exchange the code for the access_token.

We would like to know which are all the cases in which this error is triggered – as the description is very generic and, I have to say, it doesn’t help much.

Thank you
Luca

Hi, we are still experiencing this. Is there anyone that can point us to the right direction?

Thank you
Luca

I was having a very similar issue that started two days ago. I have an Angular2 web app usingUniversal Login with passwordless authentication and verification code. I’m pretty sure Auth0 made a change that affected the passwordless process. I found that my problem was that I wasn’t clearing the SSO Cookie but instead just passing the prompt=login option to the authenticate call. Instead I had to clear the SSO cookie by calling the logout endpoint and remove the prompt=login option in the authenticate call. If I don’t clear the SSO Cookie then when I called the universal login page it wouldn’t even show up but immediately send me the “no email or verification code” message.

The logout endpoint will be in a form like:
https://YOUR-AUTH0-TENANT.auth0.com/v2/logout?returnTo=YOUR-URL-TO-RETURN-TO&client_id=YOUR-AUTH0-CLIENT-ID

Hi @tcarter, thank you for your reply. I am not sure it is our case, we just send the passwordless email by calling the passwordless/start API endpoint.

Also, the error message seems a bit different, you get “no email or verification code”, while we get “wrong email or verification code

Is there a way this topic can be brought to the attention of someone at Auth0? I am not asking to debug our issue, I am just asking for a better understanding of which situations can result in this error message.

Thank you
Luca

Trying to tag @konrad.sopala to get any answer :slightly_smiling_face:

I am having the same exact isssue. I was told to switch to universal login (from embedded lock), but continue to have the same problem: error=unauthorized&error_description=Wrong%20email%20or%20verification%20code.

Hey there everyone it seems like it’s a similar issue to this one:

I already reported it to our developer support team. We’re investigating it, let me get back to you once we establish what happens out there!

Hi Konrad,

I think the issue is similar but not the same: it looks like the verification code is passed but is wrong, while in your case the code is not provided at all

Let me know as soon you have any update

Sure! We received a few of those recently and are currently investigating and reproducing it trying to establish the reason. I’ll get back to you as soon as we have something to share!

Hi @konrad.sopala, do you have any updates on this? I have just asked if you could detail better which situations produce the Wrong email or verification code error.

It’s two weeks now without reply.

Based on our DM I opened a support request for you so someone from our developer support crew will reach out to you soon!

Hello,

I created an SPA using react and used npm auth0-lock for passwordless authorization. It’s working fine for my email Id, but it’s failing for the customer who is trying to login through our portal.
I am seeing the below logs in auth0 dashboard

Not getting the reason why this is failing for other users, it works even for gmail and outlook.